Stephane Lalancette
Nov 26, 2020 · Brass Contributor
MEM Intune Endpoint Security Bitlocker troubleshooting
Hi, trying to figure out why I keep seeing the following when trying to encrypt my devices with endpoint security. What does not applicable mean? Is there any logs I can check or event viewer ent...
Moe_Kinani
Jan 05, 2021 · Bronze Contributor
Hi Stephane,
I would check the event viewer under here for more info-
logs\Microsoft\Windows\BitLocker-API.
I recommend upgrading BIOS version, enable Secure Boot and update to TPM 2.0.
Here is a good guide to enable Silent encryption-
https://www.inthecloud247.com/windows-10-failed-to-enable-silent-encryption/
Hope this helps!
Moe
- Stephane Lalancette · Jan 05, 2021 · Brass Contributor
Yes, that's one of the main places I look for logs.
Here's what we're getting so far:
The error we are getting is :
Failed to enable Silent Encryption
Error: a required privilege is not held by the client
And we also get:
Bitlocker cannot use Secure Boot for integrity because the UEFI variable 'secureboot' could not be read
Error: a required privilege is not held by the client
We also, on HP 840 with TPM 1.2 (not supported to upgrade to 2.0), get the BitLocker 3rd party drive encryption, even if the MDM policy is set to block on the device.
Seems like it's not honoring this setting for some reason.
On that device, we get: BitLocker cannot use Secure Boot for integrity because the expected TCG log entry for variable 'secureboot' is missing or invalid
- Stephane Lalancette · Jan 05, 2021 · Brass Contributor
I've requested a newer laptop with TPM 2.0 to see if it'll change anything.
- Moe_Kinani · Jan 05, 2021 · Bronze Contributor
Can you make sure Allowing Standard User to enable encryption during Azure AD join is checked?
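As an added example that is not part of this thread, the following PowerShell gathers on one device the prerequisites raised above: TPM spec version, Secure Boot state, the OS volume's BitLocker status, recent BitLocker-API errors (where the "required privilege" and "UEFI variable 'secureboot'" messages land), and the MDM policy named in the last reply. The registry path used for the AllowStandardUserEncryption policy is an assumption about where PolicyManager mirrors the BitLocker CSP; run it in an elevated PowerShell session.

```powershell
# Added example, not from the thread. Collects the silent-encryption
# prerequisites discussed above into one report for a single device.
function Test-SilentEncryptionPrereqs {
    $report = [ordered]@{}

    # TPM spec version: Win32_Tpm.SpecVersion reads like "2.0, 0, 1.38";
    # a 1.2 chip (as on the HP 840 in the thread) reports "1.2, ...".
    $tpm = Get-CimInstance -Namespace root/cimv2/Security/MicrosoftTpm `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $report.TpmPresent     = [bool]$tpm
    $report.TpmSpecVersion = if ($tpm) { ($tpm.SpecVersion -split ',')[0].Trim() } else { 'none' }
    $report.TpmIs20        = $report.TpmSpecVersion -eq '2.0'

    # Secure Boot: Confirm-SecureBootUEFI throws on legacy BIOS boot or when
    # the firmware variable cannot be read, which is worth seeing verbatim.
    try   { $report.SecureBoot = Confirm-SecureBootUEFI }
    catch { $report.SecureBoot = "unavailable ($($_.Exception.Message))" }

    # MDM policy "Allow standard users to enable encryption during Azure AD join".
    # ASSUMPTION: PolicyManager mirrors the BitLocker CSP under this key; 1 = allowed.
    $polKey = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\BitLocker'
    $report.AllowStandardUserEncryption = (Get-ItemProperty -Path $polKey `
        -Name AllowStandardUserEncryption -ErrorAction SilentlyContinue).AllowStandardUserEncryption

    # OS drive protection state (Off / On) and which key protectors exist.
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $report.ProtectionStatus = $vol.ProtectionStatus
    $report.KeyProtectors    = ($vol.KeyProtector.KeyProtectorType -join ',')

    # Last 24h of BitLocker-API errors/warnings (Level 2 = Error, 3 = Warning);
    # this is the Event Viewer log under Microsoft\Windows\BitLocker-API.
    $report.RecentEvents = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-BitLocker/BitLocker Management'
        Level     = 2, 3
        StartTime = (Get-Date).AddDays(-1)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id,
            @{ n = 'Message'; e = { ($_.Message -split "`n")[0] } }

    [pscustomobject]$report
}

$r = Test-SilentEncryptionPrereqs
$r | Select-Object * -ExcludeProperty RecentEvents | Format-List
$r.RecentEvents | Format-Table -AutoSize
```

A device that prints TpmIs20 False, SecureBoot unavailable, or AllowStandardUserEncryption empty matches the three causes the replies above point at, and the event list shows which of them BitLocker itself is complaining about.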